In my daily engagements with various customers of all shapes and sizes, it’s truly interesting to see how the approach to DDoS mitigation is changing. Much of this is the result of DDoS mitigation services shifting from a “nice to have” technology to a “must-have”, essential in order to maintain business continuity and availability.

One of the new security features in the latest Windows release (Windows 8.1) is the “Restricted Admin mode for Remote Desktop Connection”. This measure is meant to enhance Windows credential protection against attacks such as Pass-the-Hash and Pass-the-Ticket. However, it appears that cure might be worse than the disease as the new “Restricted Admin mode” opens a new attack surface for the...

Organizations may find themselves in a “PCI’s Catch 22″ situation: Implementing PCI’s recommended Smart Card Logon for Windows may be in breach of another PCI requirement: to change passwords on a regular basis.

In this article we'll test our web application with vertical password guessing attacks. Whereas horizontal password guessing attacks entail trying only a few common passwords against a long list of usernames, vertical password guessing attacks entail trying a long list of passwords against a single username.

Cybercriminals are employing more sophisticated techniques all the time and far too many companies and organizations still don’t have the protection they really need to safeguard their systems. The prevalence of targeted attacks and advanced persistent threats (APTs) is disturbing.

Eliminating the risk of SQL injection is made complicated by a host of factors -- many of which are out of the developer and security teams’ control. If not addressed completely, web applications are still vulnerable. Let’s look at the problem from each team’s point of view.

Last week a report came out on Wired about how the ACE (Army Corps of Engineers) database was hacked by China and "sensitive" dam data was taken.. By China, let that sink in for a bit as there was no real attribution data in the story

Most of the time, attacks considered APTs use 0-Day exploits, or malware that slips past poorly updated AV software, or phishing to compromise a host or organization. There is nothing advanced about attacks like these...

The banking world must be prepared, it is one of the sectors that will be subject to a major number of attacks in next year, they are considered privileged targets for hacktivists, state sponsored hackers and cyber criminals...

Social engineering can be seen as a more direct approach to exposing real security assets such as passwords, processes, keys and so on. Via subtle manipulation, carefully planned framing and scenario attacks, through to friending and spear phishing, people are increasingly becoming the main target...

This article holds little validity in my mind and I’m sure that runs up the chain of the Government to President Obama who is the only one, at this time, that seems to be able to have a majority consensus for a direction or secret directives for Cyberspace activities, rules and laws...

Increasingly, both the armed forces and businesses are practicing the concept of “active defense,” a military term that refers to efforts to thwart an attack by attacking the attackers. However popular it has become, active defense is an alarming trend...